2023-01-21 02:12:32 +01:00

266 lines
7.7 KiB

{ pkgs, config }:
lib = pkgs.lib;
rec {
ns = "";
internalNS = [ ns ];
# public servers (slaves)
publicNS = [ "" "" ];
publicIPv4 =;
dynamicReverseZones = [
mapI = start: end: f:
if start >= end
then []
else [ (f start) ] ++ mapI (start + 1) end f;
isRfc1918Reverse = reverse:
builtins.any (suffix: lib.hasSuffix suffix reverse) ([
] ++ mapI 0 32 (i:
"${toString (16 + i)}"
localZones =
# aggregation size in CIDR bits
reverseZone6Size = 56;
hosts4Records = hosts4:
builtins.attrValues (
builtins.mapAttrs (name: addr: {
inherit name;
type = "A";
data = addr;
}) hosts4
hosts6Records = hosts6:
builtins.attrValues (
builtins.mapAttrs (name: addr: {
inherit name;
type = "AAAA";
data = addr;
}) hosts6
# generate zones only for nets with hosts
namedNets = lib.filterAttrs (_name: { hosts4, hosts6, dynamicDomain, ... }:
hosts4 != {} ||
hosts6 != {} ||
# converts an IPv4 address to its reverse DNS form
ipv4ToReverse = ipv4:
builtins.concatStringsSep "." (
lib.reverseList (
builtins.filter builtins.isString (
builtins.split "\\." ipv4
) + "";
# `{ "1," = "lo.core.zentralwerk.dn42"; }`
reverseHosts4 = builtins.foldl' (result: { hosts4, domainName, ... }:
builtins.foldl' (result: host: result // {
"${ipv4ToReverse hosts4.${host}}" = "${host}.${domainName}";
}) result (builtins.attrNames hosts4)
) {} (builtins.attrValues namedNets);
# `[ "" ]`
reverseZones4 = lib.unique (
builtins.attrNames (
builtins.foldl' (result: rname:
zone = builtins.head (
builtins.match "[[:digit:]]+\\.(.+)" rname
in result // {
"${zone}" = true;
) {} (builtins.attrNames reverseHosts4)
) ++ dynamicReverseZones
# turns `::` into `0000:0000:0000:0000:0000:0000:0000:0000`
expandIpv6 = ipv6:
if lib.hasPrefix "::" ipv6
then expandIpv6 "0${ipv6}"
else if lib.hasSuffix "::" ipv6
then expandIpv6 "${ipv6}0"
else let
words = builtins.filter builtins.isString (
builtins.split ":" ipv6
fillWordCount = 8 - builtins.length words;
fillWords = n:
if n >= 0
then [ "0000" ] ++ fillWords (n - 1)
else [];
words' = builtins.concatMap (word:
if word == ""
then fillWords fillWordCount
else [ word ]
) words;
leftPad = padding: target: s:
if builtins.stringLength s < target
then leftPad padding target "${padding}${s}"
else s;
words'' = map (leftPad "0" 4) words';
builtins.concatStringsSep ":" words'';
# turns `::1` into ``
ipv6ToReverse = ipv6:
builtins.concatStringsSep "." (
lib.reverseList (
lib.stringToCharacters (
builtins.replaceStrings [":"] [""] (expandIpv6 ipv6)
) + "";
# `{ dn42 = { "" = "lo.core.zentralwerk.dn42"; }; }`
reverseHosts6 = builtins.foldl' (result: net: lib.recursiveUpdate result (
builtins.mapAttrs (ctx: hosts:
builtins.foldl' (result: host:
domain =
if ctx == "dn42"
then "${net}.zentralwerk.dn42"
else namedNets.${net}.domainName;
lib.recursiveUpdate result {
"${ipv6ToReverse hosts.${host}}" = "${host}.${domain}";
) {} (builtins.attrNames hosts)
) namedNets.${net}.hosts6
)) {} (builtins.attrNames namedNets);
# `{ dn42 = [ "" ]; }`
reverseZones6 = builtins.mapAttrs (_ctx: reverseHosts6ctx:
builtins.attrNames (
builtins.foldl' (result: rname:
result // {
"${builtins.substring ((128 - reverseZone6Size) / 2) (72 - ((128 - reverseZone6Size) / 2)) rname}" = true;
}) {} (builtins.attrNames reverseHosts6ctx)
) reverseHosts6;
in [ {
name = "";
ns = publicNS;
records = [ {
name = "@";
type = "A";
data = publicIPv4;
} {
name = "www";
type = "A";
data = publicIPv4;
} {
name = "@";
type = "AAAA";
data =;
} {
name = "www";
type = "AAAA";
data =;
} ];
} {
name = "zentralwerk.dn42";
ns = internalNS;
records = [ {
name = "ipa";
type = "A";
data =;
} ];
} {
name = "";
ns = publicNS;
records = [ {
name = "upstream4";
type = "A";
data = publicIPv4;
} ];
} ]
builtins.concatLists (
builtins.attrValues (
builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, extraRecords, ... }: [
name = "${net}.zentralwerk.dn42";
ns = internalNS;
records =
lib.optionals (hosts6 ? dn42) (hosts6Records hosts6.dn42) ++
name = "${net}";
ns = publicNS;
records =
hosts4Records hosts4 ++
lib.optionals (hosts6 ? up4) (hosts6Records hosts6.up4) ++
lib.optionals (hosts6 ? flpk) (hosts6Records hosts6.flpk) ++
dynamic = dynamicDomain;
]) namedNets
map (zone: {
name = zone;
ns =
if isRfc1918Reverse zone
then internalNS
else publicNS;
records =
map (reverse: {
name = builtins.head (
builtins.match "([[:digit:]]+)\\..*" reverse
type = "PTR";
data = "${reverseHosts4.${reverse}}.";
}) (
builtins.filter (lib.hasSuffix ".${zone}")
(builtins.attrNames reverseHosts4)
dynamic = builtins.elem zone dynamicReverseZones;
}) reverseZones4
builtins.concatMap (ctx:
map (zone: {
name = zone;
ns =
if ctx == "dn42"
then internalNS
else publicNS;
records =
map (reverse: {
name = builtins.substring 0 ((128 - reverseZone6Size) / 2 - 1) reverse;
type = "PTR";
data = "${reverseHosts6.${ctx}.${reverse}}.";
}) (
builtins.filter (lib.hasSuffix ".${zone}")
(builtins.attrNames reverseHosts6.${ctx})
}) reverseZones6.${ctx}
) (builtins.attrNames reverseZones6);